FKIE_CVE-2009-4419

Vulnerability from fkie_nvd - Published: 2009-12-24 17:30 - Updated: 2026-04-23 00:35
Severity ?
Summary
Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded.
References
cve@mitre.orghttp://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf
cve@mitre.orghttp://osvdb.org/61248
cve@mitre.orghttp://secunia.com/advisories/37900Vendor Advisory
cve@mitre.orghttp://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00021&languageid=en-frVendor Advisory
cve@mitre.orghttp://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html
cve@mitre.orghttp://www.securityfocus.com/bid/37430
cve@mitre.orghttp://www.securitytracker.com/id?1023382
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/3618Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/54963
af854a3a-2127-422b-91ae-364da2661108http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/61248
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37900Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00021&languageid=en-frVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37430
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023382
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3618Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/54963
Impacted products
Vendor Product Version
intel gm45_chipset *
intel pm45_express_chipset *
intel q35_chipset *
intel q43_express_chipset *
intel q45_chipset *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:gm45_chipset:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F820DB42-1097-44D9-B0FF-3DBED0EFEFEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pm45_express_chipset:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "196FAB68-CF7B-4D0C-9E4A-193671C6FCCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:q35_chipset:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D47457-4812-4004-899F-2D7B4A9B0456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:q43_express_chipset:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87258C4-5FC7-4102-BB05-86CBE8855774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:q45_chipset:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3970B242-DEA1-4D0D-9ABD-B0512072AC27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded."
    },
    {
      "lang": "es",
      "value": "Intel Q35, GM45, PM45 Express, Q45, Y Q43 Express chipsets en the SINIT Authenticated Code Module (ACM), permite a usuarios locales superar el mecanismo de Trusted Execution Technology y obtener privilegios por modificaci\u00f3n del registro MCHBAR para que apunte a una regi\u00f3n controlada por el atacantes, lo que impide a la instrucci\u00f3n SENTER la adecuada protecci\u00f3n desde applying VT-d, mientras un MLE es cargado."
    }
  ],
  "id": "CVE-2009-4419",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-24T17:30:00.250",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/61248"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37900"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00021\u0026languageid=en-fr"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37430"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1023382"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3618"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/61248"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00021\u0026languageid=en-fr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54963"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.